An issue I've seen is that there is a large disconnect between corporate decision makers and those tasked with O&M for 800-53, 800-171, CMMC compliance, etc. They don't realize just how much it will cost the organization to meet AND maintain those compliance requirements. Some corporate leadership just focuses on how much it is going to cost and can we cut corners to get more profit for the company
I guess this overconfidence explains why it is so difficult to convince DIB companies to engage with a DFARS/CMMC preparation company. This really proves once again that nothing will change until the Govt. mandates AND enforces the requirement. Thanks for another good episode guys.
Thanks again for continuing to bring to the surface objective evidence identifying specific areas of improvement in order to actually implement cyber security.
